SMB Enumeration

SMB Enum

Check for ports 139 (NetBIOS) and 445 (SMB)

Using nmap

nmblookup

smbclient

enum4linux

Using nmap

Nmap SMB NSE scripts: ls /usr/share/nmap/scripts/smb*

Examples:

  • nmap -v -p 139,445 --script=smb-os-discovery 10.11.1.227

  • nmap -v -p 139,445 --script "smb-vuln*" 10.11.1.5

  • nmap --script smb-enum-shares.nse -p445 10.10.10.123

    • This will give the directory in which each share lies.
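Added example (not part of the original page): a small filter for the smb-enum-shares output mentioned above, listing each share that allows anonymous access together with the directory behind it, so exposed shares can be reviewed and locked down. The function names and the sample output are constructed for illustration, and the "<none>" value for denied anonymous access is an assumption about nmap's output.

```shell
#!/bin/sh
# Added example: list shares that nmap's smb-enum-shares reports as
# reachable without credentials, with the directory behind each one.

# Constructed sample output (shares and paths are made up for illustration).
sample_output() {
cat <<'EOF'
Host script results:
| smb-enum-shares:
|   account_used: guest
|   \\10.10.10.123\IPC$:
|     Type: STYPE_IPC_HIDDEN
|     Path: C:\tmp
|     Anonymous access: READ/WRITE
|     Current user access: READ/WRITE
|   \\10.10.10.123\general:
|     Type: STYPE_DISKTREE
|     Path: C:\srv\general
|     Anonymous access: READ
|     Current user access: READ
|   \\10.10.10.123\finance:
|     Type: STYPE_DISKTREE
|     Path: C:\srv\finance
|     Anonymous access: <none>
|_    Current user access: <none>
EOF
}

# Reads smb-enum-shares text on stdin and prints one line per share with
# anonymous access: share <TAB> path <TAB> access.
anon_shares() {
  awk '
    { sub(/^[|][_ ]? */, "") }                      # drop the "| " / "|_" prefix
    /^\\\\.*:$/ { share = $0; sub(/:$/, "", share); path = ""; next }
    /^Path: /   { path = substr($0, 7); next }
    /^Anonymous access: / {
      access = substr($0, 19)
      # Assumption: nmap prints "<none>" when anonymous access is denied.
      if (access != "<none>") printf "%s\t%s\t%s\n", share, path, access
    }
  '
}

sample_output | anon_shares
```

Against a real scan, pipe the nmap output into anon_shares in place of sample_output.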

nmblookup

Display information about the target: nmblookup -A <ip>

smbclient

  • Enumerate the shares: smbclient -L //<ip> -N

    • -L lists the available services

    • -N forces the tool not to ask for a password

  • smbclient //<ip>/<share> -N

enum4linux

  • enum4linux -n <ip> to check null session

  • enum4linux -a <ip> to gather info

  • enum4linux -s <wordlist> <ip> to enumerate with another list
